Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/x3d32cBAQihX-C9DRcOigewXCh0.roa
File:                     x3d32cBAQihX-C9DRcOigewXCh0.roa (raw, json)
Hash identifier:          icrfiATjFSl02s+RrYTipR8npXKCxqR0/g6dSg2cjv4=
Subject key identifier:   C7:77:77:D9:C0:40:42:28:57:F8:2F:43:45:C3:A2:81:EC:17:0A:1D
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018AFBD9A2A1B9EFF6646DE175777DD6B7AD
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/x3d32cBAQihX-C9DRcOigewXCh0.roa
Signing time:             Wed 04 Oct 2023 18:00:58 +0000
ROA not before:           Wed 04 Oct 2023 18:00:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        5.105.128.0/24 maxlen: 24
                          5.105.160.0/24 maxlen: 24
                          5.105.89.0/24 maxlen: 24
                          5.105.86.0/24 maxlen: 24
                          5.105.88.0/24 maxlen: 24
                          5.105.87.0/24 maxlen: 24
                          5.105.22.0/24 maxlen: 24
                          5.105.250.0/24 maxlen: 24
                          5.105.251.0/24 maxlen: 24
                          5.105.255.0/24 maxlen: 24
                          5.105.254.0/24 maxlen: 24
                          5.105.176.0/24 maxlen: 24
                          5.105.191.0/24 maxlen: 24
                          5.105.190.0/24 maxlen: 24
                          5.105.192.0/24 maxlen: 24
                          5.105.194.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:fb:d9:a2:a1:b9:ef:f6:64:6d:e1:75:77:7d:d6:b7:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Oct  4 18:00:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c77777d9c040422857f82f4345c3a281ec170a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e5:f2:76:54:9f:b8:29:e8:a5:98:bf:10:7c:
                    06:fc:c7:b5:56:fb:05:9f:07:8a:19:5b:eb:2c:c4:
                    00:b6:2e:44:9e:38:f4:0f:bf:47:e8:b4:35:0a:55:
                    b4:9c:51:0a:8c:dc:02:69:8e:39:2b:f4:02:0e:47:
                    d3:9e:1d:73:98:26:d4:97:14:46:e5:61:4c:16:78:
                    b6:d6:61:89:c3:b3:1e:b6:77:39:cd:89:20:f1:42:
                    23:a2:93:68:28:cd:ae:a6:35:c9:83:f5:70:41:48:
                    dc:2d:ea:09:bd:70:12:59:e2:8c:85:5c:47:bf:cf:
                    9b:f6:69:f8:31:5e:2c:1d:76:05:03:8d:60:94:82:
                    2b:c3:6a:a1:64:bf:5d:42:b4:0c:61:5f:2a:e9:07:
                    d8:c1:57:c1:9d:87:7d:4f:62:10:18:be:03:1d:5d:
                    2f:50:96:39:8b:93:57:7b:56:cb:8c:e6:05:59:30:
                    04:a8:e8:ff:ba:ec:af:8c:81:73:3f:73:af:9f:15:
                    13:3f:6c:44:68:f3:7c:a7:5a:1e:a1:36:86:b5:22:
                    eb:48:2b:94:f7:a8:eb:66:ec:c7:6e:a3:13:bd:54:
                    d9:3a:10:b5:76:2e:12:5f:f2:4f:8b:9d:f7:55:35:
                    56:28:8d:38:bd:5e:9f:36:64:54:fd:28:eb:9b:ad:
                    d6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:77:77:D9:C0:40:42:28:57:F8:2F:43:45:C3:A2:81:EC:17:0A:1D
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/x3d32cBAQihX-C9DRcOigewXCh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.22.0/24
                  5.105.86.0-5.105.89.255
                  5.105.128.0/24
                  5.105.160.0/24
                  5.105.176.0/24
                  5.105.190.0-5.105.192.255
                  5.105.194.0/24
                  5.105.250.0/23
                  5.105.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:c3:57:0b:92:c1:a0:d2:b4:ff:05:22:79:b6:d6:ab:c1:dd:
         04:3b:0b:2e:2e:95:f1:95:1a:3d:b9:93:bc:06:af:6d:81:c8:
         ce:18:53:53:5a:f2:03:d1:f6:2b:db:6a:43:d1:09:c8:29:15:
         55:68:7c:da:bc:62:79:ef:ea:78:58:9c:54:0d:b7:f0:04:86:
         9d:fa:13:e0:f6:ef:c0:bf:42:7d:a2:e3:56:c8:1e:fa:1b:e1:
         95:97:4f:e8:b7:9f:9a:be:41:e9:3e:ab:96:4b:8b:26:11:e6:
         29:cd:fc:6a:0b:6c:d7:89:f1:cd:db:a2:9e:b2:58:3c:8a:c7:
         56:94:da:c4:17:f6:25:a7:02:14:e4:36:13:c0:ee:e5:fa:6c:
         f7:1d:88:50:80:4b:5c:ce:2f:cf:79:8c:78:07:b2:bb:fb:b7:
         1c:47:88:ba:4b:d8:4e:94:34:4e:ae:a0:1d:af:4e:72:9e:dc:
         34:14:4e:01:fe:79:ea:0a:d0:37:2b:52:fd:79:18:e4:21:73:
         17:2c:28:b8:8f:87:9c:6a:f3:aa:31:19:ca:0d:98:e5:f0:49:
         fc:ed:63:1b:fb:1d:32:36:5b:ee:77:07:0e:22:ec:04:49:58:
         6e:29:4d:1f:7f:1b:7f:fd:47:06:f8:2a:99:cf:85:23:a0:2c:
         74:c4:72:6c
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYr72aKhue/2ZG3hdXd91retMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMxMDA0MTgwMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzc3NzdkOWMwNDA0MjI4NTdmODJmNDM0NWMzYTI4MWVjMTcwYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uXydlSfuCnopZi/EHwG/Me1VvsF
nweKGVvrLMQAti5Enjj0D79H6LQ1ClW0nFEKjNwCaY45K/QCDkfTnh1zmCbUlxRG
5WFMFni21mGJw7Metnc5zYkg8UIjopNoKM2upjXJg/VwQUjcLeoJvXASWeKMhVxH
v8+b9mn4MV4sHXYFA41glIIrw2qhZL9dQrQMYV8q6QfYwVfBnYd9T2IQGL4DHV0v
UJY5i5NXe1bLjOYFWTAEqOj/uuyvjIFzP3OvnxUTP2xEaPN8p1oeoTaGtSLrSCuU
96jrZuzHbqMTvVTZOhC1di4SX/JPi533VTVWKI04vV6fNmRU/Sjrm63WVwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMd3d9nAQEIoV/gvQ0XDooHsFwodMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEveDNkMzJjQkFRaWhYLUM5RFJjT2lnZXdYQ2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQABWkWMAwD
BAEFaVYDBAEFaVgDBAAFaYADBAAFaaADBAAFabAwDAMEAQVpvgMEAAVpwAMEAAVp
wgMEAQVp+gMEAQVp/jANBgkqhkiG9w0BAQsFAAOCAQEAasNXC5LBoNK0/wUiebbW
q8HdBDsLLi6V8ZUaPbmTvAavbYHIzhhTU1ryA9H2K9tqQ9EJyCkVVWh82rxiee/q
eFicVA238ASGnfoT4PbvwL9CfaLjVsge+hvhlZdP6Lefmr5B6T6rlkuLJhHmKc38
agts14nxzduinrJYPIrHVpTaxBf2JacCFOQ2E8Du5fps9x2IUIBLXM4vz3mMeAey
u/u3HEeIukvYTpQ0Tq6gHa9Ocp7cNBROAf556grQNytS/XkY5CFzFywouI+HnGrz
qjEZyg2Y5fBJ/O1jG/sdMjZb7ncHDiLsBElYbilNH38bf/1HBvgqmc+FI6AsdMRy
bA==
-----END CERTIFICATE-----